-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 24 Jul 2021 19:03:02 +0200 Source: aspell Binary: aspell aspell-dbgsym libaspell-dev libaspell15 libaspell15-dbgsym libpspell-dev Architecture: armhf Version: 0.60.7~20110707-6+deb10u1 Distribution: buster-security Urgency: high Maintainer: armhf / armel Build Daemon (hoiby) Changed-By: Thorsten Alteholz Description: aspell - GNU Aspell spell-checker libaspell-dev - Development files for applications with GNU Aspell support libaspell15 - GNU Aspell spell-checker runtime library libpspell-dev - Development files for applications with pspell support Closes: 991307 Changes: aspell (0.60.7~20110707-6+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2019-17544 It was discovered that Aspell incorrectly handled certain inputs which leads to a stack-based buffer over-read. An attacker could potentially access sensitive information. . [ Agustin Martin Domingo ] * CVE-2019-25051 (Closes: #991307) objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow Checksums-Sha1: 13587c27ab8e11242faad9f2bab0c755f19ab10d 540688 aspell-dbgsym_0.60.7~20110707-6+deb10u1_armhf.deb 959228300767565f61597a7b8ae097ece3652ea4 7409 aspell_0.60.7~20110707-6+deb10u1_armhf-buildd.buildinfo fc49cdf73cdd10860eed218aeaad94c61b16722e 217812 aspell_0.60.7~20110707-6+deb10u1_armhf.deb 61aebe20a714f64cf284a4a6231e5425f3666e31 32856 libaspell-dev_0.60.7~20110707-6+deb10u1_armhf.deb a941ad23ad90dd2cd8dffdba85417fb81932a00d 2702728 libaspell15-dbgsym_0.60.7~20110707-6+deb10u1_armhf.deb 1c5ee69a27397c94b1e0ffed868b6ffd24148fea 282376 libaspell15_0.60.7~20110707-6+deb10u1_armhf.deb bae4f616a11cbc75541438963938a812a3a61dbb 29944 libpspell-dev_0.60.7~20110707-6+deb10u1_armhf.deb Checksums-Sha256: 693f46fddbd250a0fcf51170980ff08091942e91b1b3825bc7063ef464c45e68 540688 aspell-dbgsym_0.60.7~20110707-6+deb10u1_armhf.deb 0d0a4775cc315d35525ac92f0ce26ad34975c817dee0f897e14a72e0cfdd7f21 7409 aspell_0.60.7~20110707-6+deb10u1_armhf-buildd.buildinfo b1d884b5939298131ed4232b00826251107363587b830db060a38957057c9123 217812 aspell_0.60.7~20110707-6+deb10u1_armhf.deb b2ac2eda13072b7a4d458bb26d6328cf02d2ba203128ba09053056259eb167c6 32856 libaspell-dev_0.60.7~20110707-6+deb10u1_armhf.deb 978b7b9dbefd13fda2fc4462a640ce108dd3f95e654018b09fe67a80567bd379 2702728 libaspell15-dbgsym_0.60.7~20110707-6+deb10u1_armhf.deb 2e9a6edd9fe7eca5e6c71cfea524432edf724fffc279e7ba60dc8f66be5c954b 282376 libaspell15_0.60.7~20110707-6+deb10u1_armhf.deb 17ade7c4e2dabcb9017596fde8495d068384134a12b78bc470cffef2740a7b8d 29944 libpspell-dev_0.60.7~20110707-6+deb10u1_armhf.deb Files: 7776a404fcda0f089fbe0225df50f145 540688 debug optional aspell-dbgsym_0.60.7~20110707-6+deb10u1_armhf.deb fc62a08b8c19800831baaba0cfcf56f2 7409 text optional aspell_0.60.7~20110707-6+deb10u1_armhf-buildd.buildinfo 9d678efade441754e088cc5c5de3069a 217812 text optional aspell_0.60.7~20110707-6+deb10u1_armhf.deb 8449548c2641b70c9a65f71b8c6f26c0 32856 libdevel optional libaspell-dev_0.60.7~20110707-6+deb10u1_armhf.deb c228cc2e1d834414f69b047d5adfd78c 2702728 debug optional libaspell15-dbgsym_0.60.7~20110707-6+deb10u1_armhf.deb 178bfd92443be8c5c140c7c7840e92dd 282376 libs optional libaspell15_0.60.7~20110707-6+deb10u1_armhf.deb 130784281b6eb3598d0eeefc2ad9b558 29944 libdevel optional libpspell-dev_0.60.7~20110707-6+deb10u1_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXKbqG0HaSMJSbIp828NZPHfgpE0FAmEEi7YACgkQ28NZPHfg pE3fSw/+JtsaGiwPrcWsNMKyJE+tA6pWNkuqezJyPflqxqQROHWOoigKV5Raib1I 39uKxydFLtXAo1YJGEpoKvNMjScevR4OJCr6OepyMSIqut2TzbDrO3gHLS69Kfx6 AB2ej9MkwIQTN0zpKCssBjlrZq5QGsKDVT3yowPzI/RlFGjVrowoghME0BATDBfC I4qWQ9dJjBgqsfbG1jx8ZuvJaqKVCM6nyxxj/E+5B6t9RGX4gMpAqbRRALdHox5k Z4wPxhk4J+JLRsQ26zvwoQOMB3QnPq13oyTar6TlDPzfRKGLpJt3tUs5fLJzeOEl MfQ4rkjoIjVmiAP8QaSnUn7T9JbQe7tscCJ0SNDX3tP6etlF692WLD9ZeKfdNTtu bsNpZjFTpDpKcBBPVZnq/gjqTqAshpVFS0uf8SDGsfjZ1Uiy952GsXa1cP7KhonQ nKDMg9Z1bF39KvZpPM6FzMHP4g2f2/fuLVOufcw18B/VWRvHPkPgedC7dsevW8Y3 GDpCAqC8DOlOncnqr5Kd6YBISVDcf51WRPrQMWGxA8YfS040cfHKe4dn0P6iUmwA vFVslBkq6ryxW+k9flmKbJFosmMWZtZMEZSTGv2DzrG/nvUrKrm09DGMMSh80bub aCKDq+U6a7zHrQV40sISRsaLTf2Mh7uPSX9IhAfdKKv0fPME9pw= =yieJ -----END PGP SIGNATURE-----